
It's Thanksgiving week in the US, and most of our staff is focused on a morning coffee or Black Friday list rather than office work. As such, we're resurfacing this story of four Microsoft engineers who predicted the downfall of DRM more than a decade ahead of its time (their paper turned 15 this month). This story originally ran on November 30, 2012, and it appears unchanged below.

Can digital rights management technology stop the unauthorized spread of copyrighted content? Ten years ago this month, four engineers argued that it can't, forever changing how the world thinks about piracy. Their paper, "The Darknet and the Future of Content Distribution" (available as a .doc here) was presented at a security conference in Washington, DC, on November 18, 2002.

By itself, the paper's clever and provocative argument likely would have earned it a broad readership. But the really remarkable thing about the paper is who wrote it: four engineers at Microsoft whose work many expected to be at the foundation of Microsoft's future DRM schemes. The paper's lead author told Ars that the paper's pessimistic view of Hollywood's beloved copy protection schemes almost got him fired. But ten years later, its predictions have proved impressively accurate.

The paper predicted that as information technology gets more powerful, it will grow easier and easier for people to share information with each other. Over time, people will assemble themselves into what the authors called the "darknet." The term encompasses formal peer-to-peer networks such as Napster and BitTorrent, but it also includes other modes of sharing, such as swapping files over a local area network or exchanging USB thumb drives loaded with files.

Once a popular piece of information—say, a movie, a song, or a software title—"leaks" into the darknet, stopping its spread becomes practically impossible. This, the engineers realized, had an important implication: to prevent piracy, digital rights management had to work not just against average users, but against the most tech-savvy users on the planet. It only takes a single user to find a vulnerability in a DRM scheme, strip the protection from the content, and release the unencrypted version to the darknet. Then millions of other users merely need to know how to use ordinary tools such as BitTorrent to get their own copies.

Trusted computing or treacherous computing?

Ars Technica talked to Peter Biddle, the paper's lead author, last week. The basic premise of the paper came from an e-mail Biddle circulated within Microsoft in the late 1990s. The term "darknet" was coined by co-author Bryan Willman, another Microsoft engineer. Two other Microsoft engineers, Paul England and Marcus Peinado, contributed to it.

At the time they wrote the paper, Biddle and his co-authors were working on Microsoft's "Trusted Windows" project, an effort to provide hardware-level authentication features that could make PCs resistant to tampering even by those who have physical access and control. The initiative would go under a variety of names, including Palladium, TCPA, and the Next-Generation Secure Computing Base.

Biddle, who now works at Intel but stressed that he was speaking only for himself in our interview, told us that it was a project fraught with political challenges. Inside Microsoft, people bristled at the implication that vanilla Windows was untrustworthy. Outside Microsoft, critics charged that Biddle's project represented the beginning of the end for the PC as an open platform. They feared that Microsoft would use the technology to exert control over which software could be executed on Windows PCs, freezing out open source operating systems and reducing users' freedom to run the software of their choice.

One widely discussed application for Biddle's technology was digital rights management. Building DRM atop an open, general-purpose computing platform is an inherently difficult problem. Every DRM scheme requires distributing encryption keys or other secrets to users' devices without the users themselves having access to them. But on an open PC, the user has the ability to inspect and modify essentially all data stored on the device, so DRM schemes are inherently insecure.

It was "very challenging for the PC industry to make the same kinds of statements around how secure data could be on the PC compared to closed devices like CE boxes," Biddle told us. Many hoped (or feared) that a "trusted" computing platform could dramatically improve a DRM scheme's tamper-resistance by preventing a machine's owner from inspecting sensitive encryption keys or modifying DRM code. But preventing users from modifying DRM schemes also inherently meant reducing users' control over the devices they owned. The risk of Microsoft locking down everyone's PC provoked an online backlash, with critics calling the technology "treacherous computing."

Biddle says that backlash "took us completely by surprise." He told us that his team didn't "realize the level of entrenchment and fear" about the ways Microsoft might misuse the technology. In his view, the public overreacted to what was designed to be an application-agnostic security technology. "A lot of the things that were said about trustworthy computing being treacherous were actually impossible," he told us.

“I almost got fired”

Biddle says that he and his team realized early on that DRM technology would never succeed in shutting down piracy. He hoped that writing a paper saying so would reassure Microsoft's critics in the technical community that Redmond wasn't planning to lock down the PC in order to satisfy Hollywood. And by making it clear that the people behind Microsoft's "trusted computing" push were not fans of DRM, Biddle hoped he could persuade the technical community to consider other, more benign applications of the technology he was building.

Biddle couldn't be too candid about the link between his paper and the technology he was building. Explicitly admitting that DRM schemes built on "Trusted Windows" wouldn't stop piracy might make it harder for Microsoft to persuade content providers to license its products for Microsoft's technology platforms. Biddle hoped that releasing his paper at a technical security conference would allow him to send a "dog whistle" to the technology community without raising the ire of Hollywood.

It didn't work out that way. "I almost got fired over the paper," Biddle told Ars. "It was extremely controversial." Biddle tried to get buy-in from senior Microsoft executives prior to releasing the paper. But he says they didn't really understand the paper's implications—and particularly how it could strain relationships with content companies—until after it was released. Once the paper was released, Microsoft got stuck in bureaucratic paralysis. Redmond neither repudiated Biddle's paper nor allowed him to publicly defend it.

At the same time, "the community we thought would draw a connection never drew the connection," Biddle said, referring to anti-DRM activists. "Microsoft was taking so much heat around security and trustworthy computing, that I was not allowed to go out and talk about any of this stuff publicly. I couldn't explain 'guys, we're totally on your side. What we want is a program that's open.'"

A losing battle

While Biddle and his colleagues didn't succeed in allaying the fears of Palladium's critics, the paper's central arguments have held up well. The authors predicted that the emergence of the darknet would produce a technological and legal arms race. They thought content companies and law enforcement would attack those aspects of the darknet that were most centralized, but that the darknet would adapt through greater decentralization. And they predicted that efforts to build secure DRM schemes would continue to fail. All of their predictions have continued to hold true over the last decade.

Both content companies and the US government have pursued increasingly aggressive anti-piracy strategies. The Recording Industry Association of America sued thousands of alleged file-sharers during the last decade, and content companies have sued numerous file-sharing startups out of existence. In 2010, the federal government got into the act, using the powers of the recently passed PRO-IP Act to seize domains and other assets of alleged pirate sites. And they have even begun to arrest key figures in file-sharing networks.

Yet these increased enforcement efforts have barely slowed down the darknet's momentum. A key development has been the emergence of "locker sites" that host infringing files and "link sites" that provide pointers to those files.

"The thing about the locker and link sites is that they can be very lightweight," Biddle told us. They are "not that hard to replicate because they are basically a database." That makes the network as a whole much more robust to law enforcement efforts to shut it down: close down one site and two more pop up in its place.

And while BitTorrent and Megaupload get all the attention, Biddle notes that there are other file-sharing techniques that the government is never going to stop. "Teenagers and twenty-somethings I know routinely will go over to a friend's house with a terabyte drive to swap stuff," he said. They choose the "sneakernet" approach less out of fear of liability than because it's so convenient. "You can have a ton of content on a terabyte drive," he noted.

Yet the content industry continues to try, and fail, to produce secure DRM schemes. Biddle believes this strategy has proved counterproductive because it inconveniences legitimate customers without stopping piracy.

"I'm now finding that for some kinds of content, the illegal is clearly outperforming legal," Biddle said. "That blows me away. I pay for premium cable. It's easier to use BitTorrent to watch Game of Thrones. HBO Go is trying very hard to do a good job," he said, but the user experience just isn't as good. Because HBO Go is a streaming service, he said, it's more vulnerable to network congestion than simply downloading the entire episode from the darknet.

Promoted Comments

I'm a bit surprised that an apparently smart guy like him would be surprised that a paper on the capabilities of the 'darknet' would assuage Microsoft's critics on Palladium/NGSCB/"Trusted Computing"/whatever.

Yes, because of uncontrolled distribution in the background, you can stop the movement of files through peer networks. However, that isn't actually terribly relevant:

1. Free Software(along with commercially minded 'we-remember-what-you-did-to-netscape' pessimists of MS's market power) people don't primarily care about whether "trusted computing" can stop kids from swapping burned bieber CDs and warez. They care about whether it can stop you running what you want to run on the hardware you "own". Can it? Oh yes, yes it can. Not 100% perfectly, but contemporary consoles are getting to the point where hardware attacks are necessary to execute unsigned code, iDevices are spreading the walled garden to the masses, and Microsoft is going all app-store, all the time on their ARM gear. What good is piracy if you can't buy a computer that will execute your booty?

2. Even if your primary concern is piratical, the "darknet" only saves you as long as vendors are willing to ignore legacy formats. All it takes is one person to crack the DRM and release the plaintext version; but only if available consumer devices will actually accept plaintext. Your ipad, say, will process an anonymous mp3, or h.264 video, so team Hollywood and the RIAA crowd are out of luck; but how about an unsigned .ipa file? Not happening. Even if it is 100% structurally valid, it needs an apple key, or an enterprise key, or a dev key(that matches the hardware it is running on, since those are limited to a set number of devices). You can strip all the DRM you want, you'll just have some trouble finding hardware to run it on. Windows RT will play the same game with Windows binaries.

That's the real problem. Yeah, it is impossible to make 100% of DRMed endpoints exfiltration-proof. However, your ability to make 95%+ of endpoints increasingly hostile to anything lacking a trusted DRM signature is constrained only by customer hostility, not by any technological barrier...

I'm a bit surprised that an apparently smart guy like him would be surprised that a paper on the capabilities of the 'darknet' would assuage Microsoft's critics on Palladium/NGSCB/"Trusted Computing"/whatever.

Thank you for giving me credit for being apparently smart.

This is becoming my favorite comment thread of all time. Bryan! ______ from Disney! Sweet!

I was surprised about it ten years ago. I think my surprise was comically innocent in hindsight, but so was the lack of technical depth applied by some opponents to TWC.

fuzzyfuzzyfungus wrote:

Free Software(along with commercially minded 'we-remember-what-you-did-to-netscape' pessimists of MS's market power) people don't primarily care about whether "trusted computing" can stop kids from swapping burned bieber CDs and warez. They care about whether it can stop you running what you want to run on the hardware you "own". Can it? Oh yes, yes it can. Not 100% perfectly, but contemporary consoles are getting to the point where hardware attacks are necessary to execute unsigned code, iDevices are spreading the walled garden to the masses, and Microsoft is going all app-store, all the time on their ARM gear. What good is piracy if you can't buy a computer that will execute your booty?

Palladium, as outlined by Seth Schoen at the time (an intelligent analysis that was completely ignored by detractors because it was inconveniently inconsistent with more Luddite views) and now again highlighted by Bryan in his comments wasn't actually capable of keeping SW from running on a PC.

I know it wasn't because we designed it to allow anyone to run SW that was protected from the rest of the system. The TPM is a crypto co-processor connected via the LPC bus. It had none of the (totally fabricated) privilege nor control that would let it control what SW runs on the CPU.

As I said at the time - Palladium treated the rest of Windows as a virus. This includes any SW that might want to peek into a protected environment.

Let me repeat this, to be clear: ANYONE COULD RUN AND PROTECT ANY SW ON THE SYSTEM and it would be protected from EVERYONE ELSE.

This meant that yes, Disney could make a video player which protects video files from many (but not all) kinds of attacks. (eg it didn't protect against Freon, dual-ported memory, or DtoAtoD conversions).

It also meant that you could run SW which protects you, and whatever stuff you choose to put in it, from Disney. There was no single root key model, no trust chain that MSFT controlled, and no god-privilege that would let MSFT or anyone look at protected secrets at runtime.

SW was protected from SW.

Could other people - like Apple - use similar technologies to create systems that won't run arbitrary code? Of course. But that wasn't part of our threat model and it wasn't what we were building.

So why did we do it? Because there's good to be had in protecting stuff. The darknet creates network effects for stuff that is a global secret in high demand. Lots of stuff in need of protection are not global secrets nor in high demand.

fuzzyfuzzyfungus wrote:

2. Even if your primary concern is piratical, the "darknet" only saves you as long as vendors are willing to ignore legacy formats. All it takes is one person to crack the DRM and release the plaintext version; but only if available consumer devices will actually accept plaintext. Your ipad, say, will process an anonymous mp3, or h.264 video, so team Hollywood and the RIAA crowd are out of luck; but how about an unsigned .ipa file? Not happening. Even if it is 100% structurally valid, it needs an apple key, or an enterprise key, or a dev key(that matches the hardware it is running on, since those are limited to a set number of devices). You can strip all the DRM you want, you'll just have some trouble finding hardware to run it on. Windows RT will play the same game with Windows binaries.

I agree that closed systems have those characteristics and I applaud your railing against them. I'd be deeply surprised (again!) to find that you are more committed or passionate than I about the need for open devices that will run and protect arbitrary code.

fuzzyfuzzyfungus wrote:

That's the real problem. Yeah, it is impossible to make 100% of DRMed endpoints exfiltration-proof. However, your ability to make 95%+ of endpoints increasingly hostile to anything lacking a trusted DRM signature is constrained only by customer hostility, not by any technological barrier...

When Palladium fell apart we were able to salvage a great drive encryption solution (BitLocker) from its ashes. BitLocker treats all data as equally worthy of protection and by design has to treat the possessor of a PC as a potential attacker. I'm quite proud of that.

247 Reader Comments

Well yeah, DRM punishes the buyer, not the pirate. The only real DRM that I "like" is Steam because overall, while my games are locked to Steam, Steam itself adds a ton of value to my purchases in the forms of easy updates, friends list, easy multiplayer, workshop...

Hollywood will never ask the question "how do we add value to combat piracy" like Gabe Newell did. I do believe that DRM-free is not a possibility (World of Goo 90%+ piracy rate anyone?) but give the buyers added value. Steam does it. iTunes does it with all the cool extra LP stuff. The question should be "What can we offer our customers that makes them come back?"

I similarly use pirate sites as a more convenient way to get content I already own, or content that's on a service I pay for. The entire industry could learn a lot from Valve. Piracy is a service problem, and if you provide a good service piracy becomes less of a concern; Russia is Valve's second largest market.

Hollywood will never ask the question "how do we add value to combat piracy" like Gabe Newell did. I do believe that DRM-free is not a possibility (World of Goo 90%+ piracy rate anyone?) but give the buyers added value. Steam does it. iTunes does it with all the cool extra LP stuff. The question should be "What can we offer our customers that makes them come back?"

World of Goo had a high piracy rate, yes. Two men still made hundreds of thousands of dollars for a year's labor. If developers are making far more in return than they put in, enough to buy houses etc. and still have a marketable skill to fall back on, why is DRM really necessary?

I wonder how many engineers Microsoft has lost due to not listening to them or punishing them because they gave them facts on problems that were presented to them? Pretty depressing to think about considering as a kid I always thought it would be awesome to work for Microsoft as a programmer and now a part of me is glad I never went for it.

I similarly use pirate sites as a more convenient way to get content I already own, or content that's on a service I pay for. The entire industry could learn a lot from Valve. Piracy is a service problem, and if you provide a good service piracy becomes less of a concern; Russia is Valve's second largest market.

This, I often download things I paid for in a form that isn't crippled by DRM that prevents me from streaming video to my other devices, or playing it in a player that doesn't lag to death on my 2nd Gen Core i7 with 16GB RAM *coughiTunescough*. I have no problem buying products. I do it all the time on Steam and iTunes and Amazon. It's when I can't use the product easily and in the variety of ways I'd like to after paying for it that I start looking to bittorrent.

I do believe that DRM-free is not a possibility (World of Goo 90%+ piracy rate anyone?)

Of course it is. Every single game released has a pirated version with the DRM stripped within minutes or hours. Once you accept that everyone already can get your content for free if they feel like it, the game changes from "hey, buy this so you can read/view/play it" to "how do I generate goodwill and fandom around my content so that people feel good about paying me?" That's a big change, and it's proven to be very difficult for the giant companies to do; they aren't used to looking human, they are used to producing a widget and dealing with the buyers as statistics in a sales powerpoint.

Hollywood will never ask the question "how do we add value to combat piracy" like Gabe Newell did. I do believe that DRM-free is not a possibility (World of Goo 90%+ piracy rate anyone?) but give the buyers added value. Steam does it. iTunes does it with all the cool extra LP stuff. The question should be "What can we offer our customers that makes them come back?"

World of Goo had a high piracy rate, yes. Two men still made hundreds of thousands of dollars for a year's labor. If developers are making far more in return than they put in, enough to buy houses etc. and still have a marketable skill to fall back on, why is DRM really necessary?

There are legitimate anti-DRM arguments; 'you make enough money, why are you bitching about piracy' is not one.

I'm not sure why he was surprised at the reaction. All of their security initiatives were coming mere years after the antitrust trial laid out how Microsoft conspired internally, and acted illegally externally, to kill off competition and constrain the market. "Made for IE6" was all over the web, with websites denying access to non-IE browsers.

Color me shocked that people would (over)react poorly to Microsoft-proposed security schemes that could be used in DRM and other user-constraining manners. People still don't trust Microsoft, which is why we have the dust up regarding secure boot.

Irony is that Apple's managed to slip an OS dedicated to DRM and end-user control out into the market, something Microsoft is now trying furiously to ape.

I see the Valve evangelists are coming out of the woodwork to defend how they LIKE Steam's DRM.

The future should be no DRM, not "I like THIS particular DRM because it's idiot proof".

It may be the most convenient and least problem-prone, but just wait until you get your account banned for some reason, or Valve has financial problems (look at the sudden fall of Goldman Sachs during the financial crisis). Or your internet is down for a month or two (I had this happen to me...thanks Charter).

I tell my wife the same thing about her Kindle books. Sure, the DRM is transparent and the service is easy to use (right now) - but there's documented cases of folks being banned while Amazon won't even tell them why... access lost. De-DRMing them is the way to ensure you don't lose access.

It's all good until it fails you. Sure Valve and Amazon have a very low failure rate - but it sure sucks when it's you that has the bad luck. And it never really does what it's intended to do.

DRM only hurts legitimate customers.

EDIT: I agree Steam is the least objectionable DRM. I'll quote-unquote "buy" Steam DRM games, or XBLA games, VERY rarely, at rental prices (say $3 to maybe $10 tops) - since sometimes I find that to be a fair price for a rental of undetermined length. I've spent more at places like GOG and Smashwords than I have Steam or Amazon though - I try to avoid purchasing DRM'd content.

What else to say, other than a Thank You - who would have thought that the man behind Palladium is the one with such a healthy attitude towards the whole issue.

Sum total however is, while there is money in the content industry pockets and until a new generation of executives comes to lead that industry, there will be a shameful war between those who they bribe (government and courts) and the consumers with many consumers + the society overall suffering for no reason at all. Even more ridiculous than the "drugs war".

But there, in 20-50 years, it will all be forgotten, however until then, we can all just hope that the content owners' idiocy (and that is not the actual artists 90% of the time) ends sooner rather than later.

The future should be no DRM, not "I like THIS particular DRM because it's idiot proof".

Which would be the ultimate goal, but if the industry is going to be stupid they should at least be directed to the one form that is the least annoying. And if it concerns you, do as I do and stockpile Steam-removing cracks for each game you buy as insurance.

Quote:

DRM only hurts legitimate customers.

As always. No reason not to arm yourself in kind. AnyDVD HD hooooooo.....

Hollywood will never ask the question "how do we add value to combat piracy" like Gabe Newell did. I do believe that DRM-free is not a possibility (World of Goo 90%+ piracy rate anyone?) but give the buyers added value. Steam does it. iTunes does it with all the cool extra LP stuff. The question should be "What can we offer our customers that makes them come back?"

World of Goo had a high piracy rate, yes. Two men still made hundreds of thousands of dollars for a year's labor. If developers are making far more in return than they put in, enough to buy houses etc. and still have a marketable skill to fall back on, why is DRM really necessary?

There are legitimate anti-DRM arguments; 'you make enough money, why are you bitching about piracy' is not one.

If a creator is properly remunerated even with the existence of widespread illegal activity then what is the real harm of the activity? And how would DRM prevent such an activity?

Hollywood will never ask the question "how do we add value to combat piracy" like Gabe Newell did. I do believe that DRM-free is not a possibility (World of Goo 90%+ piracy rate anyone?) but give the buyers added value. Steam does it. iTunes does it with all the cool extra LP stuff. The question should be "What can we offer our customers that makes them come back?"

World of Goo had a high piracy rate, yes. Two men still made hundreds of thousands of dollars for a year's labor. If developers are making far more in return than they put in, enough to buy houses etc. and still have a marketable skill to fall back on, why is DRM really necessary?

Politics and bureaucracy. You can't go to the CEOs and say "well we'll make money anyways, we shouldn't bother try to lock down our software because it isn't worth it." They'll laugh in your face and then fire you (as Biddle almost found out) and hire someone who will try to lock down the software, because "piracy is bad, m'kay?" and the people at the top usually know nothing about how the technology actually works. They think if you pour enough money at it and have enough people typing furiously at the keyboard for long enough, you can make a magical program that is unbreakable. Valve is a rare exception among the big players (Gabe actually being technically proficient), although I do think a lot of the smaller players understand this (smaller companies are sometimes run by actual experts in the field, instead of people who can massage stock numbers and make themselves look good).

There is also a slight issue of practicality. A tiny bit of DRM makes copying the game slightly more difficult than literally copying the files, without offering a terrible inconvenience to paying customers. That is probably the most reasonable approach. It doesn't stop the pirates, because nothing will, but it does stop people from casually spreading the non-pirated version.

And then there is the Fallout 3 approach, where the game itself had no DRM but the launcher (which was completely not-required at all for the game to actually run) used SecuRom. I think that was an example of the developers recognizing that DRM doesn't do anything, but that they had to appear to put DRM in the game, so they did so in such a way that it did essentially nothing at all to anyone with any computer savvy whatsoever.

Humans are (mostly) logical creatures, and DRM goes against the grain of consumer logic. "I bought something, but I don't own it." A pro-consumer Congress would force the word "Rent" to appear on these kinds of products at the time of transaction, and I feel that such an action would clear things up and negate some negative consumer backlash as we naturally hold concepts of ownership in renting versus buying in much clearer and logical distinctions. But instead legalese is the language we all must speak these days, and you're only aware of your lack of true ownership after opening the product up and reading lengthy EULA's.

Hollywood will never ask the question "how do we add value to combat piracy" like Gabe Newell did. I do believe that DRM-free is not a possibility (World of Goo 90%+ piracy rate anyone?) but give the buyers added value. Steam does it. iTunes does it with all the cool extra LP stuff. The question should be "What can we offer our customers that makes them come back?"

World of Goo had a high piracy rate, yes. Two men still made hundreds of thousands of dollars for a year's labor. If developers are making far more in return than they put in, enough to buy houses etc. and still have a marketable skill to fall back on, why is DRM really necessary?

There are legitimate anti-DRM arguments; 'you make enough money, why are you bitching about piracy' is not one.

If a creator is properly remunerated even with the existence of widespread illegal activity then what is the real harm of the activity? And how would DRM prevent such an activity?

Define 'properly' remunerated. There is a long list of ethical and philosophical arguments against anonymous mobs, as opposed to government or the market (depending on your bent), deciding what is proper or not.

This has been explained ad nauseam but yeah paying for Cable and HBO and a DVR to watch Game of Thrones is I guess potentially easier than pirating it (I personally find downloading an episode of about anything as hard as doing any Google search.) The problem is that people pirate especially that show because the $100+ cost to watch the episodes when you want per month is the issue.

World of Goo had a high piracy rate, yes. Two men still made hundreds of thousands of dollars for a year's labor. If developers are making far more in return than they put in, enough to buy houses etc. and still have a marketable skill to fall back on, why is DRM really necessary?

Who are we to determine when somebody has made enough money?

What if more people purchase "World of Goo" that they were able to hire additional people to complete a sequel or perhaps design additional content. While they made a good amount, who are we to decide, when they made enough money?

Steam is a form of DRM, yet people are alright with it, even if Valve can lock your account no matter how many games you bought from them.

DRM with games is hardly a concern for me. I use Steam, and while it's nice to have older games sitting there, I will never have time to revisit them. There are always new games coming out that command my attention.

DRM on movies is a major concern. Currently, there is no service that gives me exactly what I want. There is no Steam for movies. I want to download digital copies of movies that I can play on any device. I don't want to have to buy a bluray player and fill my shelves with useless discs again. I don't want to spend time and consume additional power ripping BluRay discs either. Currently, the only way to get this type of content is illegally. It's ridiculous. I want to pay for it. Just give me what I want.

I see the Valve evangelists are coming out of the woodwork to defend how they LIKE Steam's DRM.

The future should be no DRM, not "I like THIS particular DRM because it's idiot proof".

A DRM-free future is a beautiful and elegant goal - with *future* being the key word here.

We can't make giant leaps overnight; just make sure to support whichever provider or scheme is closest to your ideal (and Steam is a hell of a lot closer than most other publishers' attempts) and push the industry toward your goals. Money talks - but it takes time.

Boycotting a service just because it doesn't currently conform to your end-game ideal view of how things should be is counterproductive - evolution happens from small, persistent environmental pressure over time, and this applies as much to markets and industries as it does to living organisms. If you refuse to support Steam on principle, you're effectively applying the same adaptive pressure (i.e., none) to them that you apply to any other publisher, which means you're not helping the industry move towards better implementations at all. Of course, there are others who are (from a DRM-free perspective) doing this even better, such as GOG, and they deserve your support as much or more - but there are *other* aspects (such as the client and friend integration) where Steam leads. If these are important to you, don't forget that there's more to an ideal game distribution service than it simply being DRM-free.

I think the industry is coming around to the fact that DRM on recorded content is completely pointless. It's more of an issue of no matter how many millions of dollars they throw into protection schemes for their content, it still ends up on BitTorrent within a day. So you spend millions of dollars and get no result: that's a situation that will cause business people to question the strategy. I'm talking about DRM on downloaded files like iTunes or whatever that unnecessarily restrict the devices they can be viewed on. The caveat being that the video world is moving to a streaming model, and the 'trusted computing' platforms everyone feared are here in the form of Android, iOS and Windows Mobile.

Hence, things like HBO Go exist; yes, it has limitations that the author points out in the article, but it's still better than nothing. I don't download Game of Thrones on Torrent sites because I can watch it whenever I want on HBO Go. But the Torrent sites will always be there if I want to watch it on an airplane. The industry is also working on implementing download now, watch later solutions for this type of content. It's not simple to build a product around that, and it takes time, so be patient and it will happen.

In the end, people want the content and will get it whether they pay for it or not. But they will pay for convenience, so DRM becomes a fine line you have to walk. Using the DRM has to be easier than using the darknet, but there has to be enough DRM and copyright enforcement to force you to use an inconvenient darknet if you're not paying for the content. For example, I subscribe to HBO Go but my friend down the street doesn't. If HBO let me just download Game of Thrones with no DRM, I could just give those files to my friend. But as it is, I either have to give him my account password or go download the non-DRM files off of a Torrent to be able to share them. It's become more difficult for him to acquire the files because I don't have them in non-DRM format; maybe difficult enough for him to pay $15/mo for HBO. I think that's a fair compromise to strike, and it's why DRM will always be around in some form. If you make DRM convenient enough to use for the majority of people to be willing to pay for it, then it becomes harder to displace with darknets that are less convenient to use.

Hollywood will never ask the question "how do we add value to combat piracy" like Gabe Newell did. I do believe that DRM-free is not a possibility (World of Goo 90%+ piracy rate anyone?) but give the buyers added value. Steam does it. iTunes does it with all the cool extra LP stuff. The question should be "What can we offer our customers that makes them come back?"

World of Goo had a high piracy rate, yes. Two men still made hundreds of thousands of dollars for a year's labor. If developers are making far more in return than they put in, enough to buy houses etc. and still have a marketable skill to fall back on, why is DRM really necessary?

This is such a terrible argument. They made a great product, and with everyone that played it, they deserve much more than they got.

I see the Valve evangelists are coming out of the woodwork to defend how they LIKE Steam's DRM.

The future should be no DRM, not "I like THIS particular DRM because it's idiot proof".

It may be the most convenient and least problem-prone, but just wait until you get your account banned for some reason, or Valve has financial problems (look at the sudden fall of Goldman Sachs during the financial crisis). Or your internet is down for a month or two (I had this happen to me...thanks Charter).

I tell my wife the same thing about her Kindle books. Sure, the DRM is transparent and the service is easy to use (right now) - but there are documented cases of folks being banned while Amazon won't even tell them why... access lost. De-DRMing them is the way to ensure you don't lose access.

It's all good until it fails you. Sure Valve and Amazon have a very low failure rate - but it sure sucks when it's you that has the bad luck. And it never really does what it's intended to do.

DRM only hurts legitimate customers.

All the comments are valid except for the case of Amazon - you are buying the rights to view the content, and not to own it outright... The Kindle book is not a physical book, and is ONLY valid if you have an Amazon account, otherwise you give up your rights to the book. This obviously only is an issue with Kindle DRM content...

I don't accept that you can destroy the concept of ownership just by renaming it to 'licensing.' I realize I am in the minority here. I find it funny that, for all that the term 'socialism' gets batted around, it's the private sector destroying the concept of private property, one license agreement at a time.

I see the Valve evangelists are coming out of the woodwork to defend how they LIKE Steam's DRM.

The future should be no DRM, not "I like THIS particular DRM because it's idiot proof".

It may be the most convenient and least problem-prone, but just wait until you get your account banned for some reason, or Valve has financial problems (look at the sudden fall of Goldman Sachs during the financial crisis). Or your internet is down for a month or two (I had this happen to me...thanks Charter).

I tell my wife the same thing about her Kindle books. Sure, the DRM is transparent and the service is easy to use (right now) - but there are documented cases of folks being banned while Amazon won't even tell them why... access lost. De-DRMing them is the way to ensure you don't lose access.

It's all good until it fails you. Sure Valve and Amazon have a very low failure rate - but it sure sucks when it's you that has the bad luck. And it never really does what it's intended to do.

DRM only hurts legitimate customers.

I'm neutral on the subject of Steam, but I will say that if they blocked/banned my account, I would have zero problem with getting those same games by other methods, since I paid once already.

Iron fisted control of music and movies died with the two deck cassette player and the VCR. The fact that companies continue to enforce their rights against pirating and aftermarket "redistribution" is not a surprise. The lengths they are willing to go to, however, are.

I've seen improvement, personally. Netflix led the charge as a legitimate way to stream movies and TV shows, but other apps have taken the challenge with free content. Hulu still allows much of its library for a couple of commercials. Vevo has a lot of videos I actually want to watch. The industry is waking up in some regards. Not shaken up and it's a slow, groggy process to get these people to come around. But some of them are.

I similarly use pirate sites as a more convenient way to get content I already own, or content that's on a service I pay for. The entire industry could learn a lot from Valve. Piracy is a service problem, and if you provide a good service piracy becomes less of a concern; Russia is Valve's second largest market.

This! A few months back I bought a blu ray where the DRM not only prevented me from watching it on my PC (it's hooked up to a HDCP enabled TV, and loads of blu rays work, it shouldn't be a problem), it tried to download some update in order to decode the blu ray that made my graphics driver crash on every boot. In the end I was unable to fix it, even with uninstalling everything relating to the blu ray player and reinstalling graphics drivers and actually ended up reinstalling the OS entirely, wasting pretty much an entire day! After that I was rather unwilling to try it again and pirated it instead - 15 minutes to download and NO PROBLEMS once it was complete. Why is the legal option so much worse?

Hollywood will never ask the question "how do we add value to combat piracy" like Gabe Newell did. I do believe that DRM-free is not a possibility (World of Goo 90%+ piracy rate anyone?) but give the buyers added value. Steam does it. iTunes does it with all the cool extra LP stuff. The question should be "What can we offer our customers that makes them come back?"

World of Goo had a high piracy rate, yes. Two men still made hundreds of thousands of dollars for a year's labor. If developers are making far more in return than they put in, enough to buy houses etc. and still have a marketable skill to fall back on, why is DRM really necessary?

There are legitimate anti-DRM arguments; 'you make enough money, why are you bitching about piracy' is not one.

If a creator is properly remunerated even with the existence of widespread illegal activity then what is the real harm of the activity? And how would DRM prevent such an activity?

If these guys sold anything other than digital content, and if 90% of their product wasn't paid for, then they would likely go out of business. I don't consider a 90% rate of piracy acceptable nor properly compensating them for their work.

And they predicted that efforts to build secure DRM schemes would continue to fail. All of their predictions have continued to hold true over the last decade.

Aren't there satellite and cable schemes not yet broken? And even the PS3 scheme took several years to be defeated. Much like there isn't perfect security online, or off, and yet people continue the "pointless" exercise. DRM isn't about being perfect, nor eternal.

Hollywood will never ask the question "how do we add value to combat piracy" like Gabe Newell did. I do believe that DRM-free is not a possibility (World of Goo 90%+ piracy rate anyone?) but give the buyers added value. Steam does it. iTunes does it with all the cool extra LP stuff. The question should be "What can we offer our customers that makes them come back?"

World of Goo had a high piracy rate, yes. Two men still made hundreds of thousands of dollars for a year's labor. If developers are making far more in return than they put in, enough to buy houses etc. and still have a marketable skill to fall back on, why is DRM really necessary?

There are legitimate anti-DRM arguments; 'you make enough money, why are you bitching about piracy' is not one.

If a creator is properly remunerated even with the existence of widespread illegal activity then what is the real harm of the activity? And how would DRM prevent such an activity?

Define 'properly' remunerated. There is a long list of ethical and philosophical arguments against anonymous mobs, as opposed to government or the market (depending on your bent), deciding what is proper or not.

If a creator is in a substantially better financial position for having made a product, I'd argue that they have been properly remunerated. It's not that I think that they've made too much money or that they're whiners. They made a good game. They got paid. I bought it once boxed and once in the HIB. Their incentive to create has been maintained. How does piracy meaningfully harm them or society in any way?

I haven't pirated anything that I didn't already own for years now. But what is the point of an anti-piracy arms race in the long run? Why should we really care about it when people are making quite a good living off of DRM free products?

Also, this stuff is easy for readers of this site. I can go download torrents of movies and stuff too; but honestly I have disposable income and it's a hell of a lot easier to just log in to HBO Go on my Xbox 360 and click Play to watch something on my TV than to go on my PC, search TPB for the episode I want, wait for it to download, then go hook my PC up to my TV, fiddle with the monitor settings and play the video. One method takes literally 60 seconds from the time I turn on my Xbox, the other takes probably 15 minutes of setup work. That convenience is worth money to me, so I pay for it.

Imagine how much harder that would be if you weren't a technophile (like the other 95% of the world who doesn't read this site.) People still think downloading pirated movies off the internet is black magic and that I have some uber-secret hookup rather than a publicly available website that is in the news every other week. If you're not a geek and you don't have a friend who just gives you gigs of video, it's definitely worth paying for the convenience.

They hit the nail on the head about how it only takes one person or group to exploit a vulnerability in a DRM setup and then it is all for naught. I never bought any TV shows from iTunes because of the DRM until I learned of Requiem. Now that I can keep my purchased media sans DRM without any transcoding and subsequent loss of quality, I routinely buy TV shows.

In the end, people want the content and will get it whether they pay for it or not. But they will pay for convenience, so DRM becomes a fine line you have to walk. Using the DRM has to be easier than using the darknet, but there has to be enough DRM and copyright enforcement to force you to use an inconvenient darknet if you're not paying for the content. For example, I subscribe to HBO Go but my friend down the street doesn't. If HBO let me just download Game of Thrones with no DRM, I could just give those files to my friend. But as it is, I either have to give him my account password or go download the non-DRM files off of a Torrent to be able to share them. It's become more difficult for him to acquire the files because I don't have them in non-DRM format; maybe difficult enough for him to pay $15/mo for HBO. I think that's a fair compromise to strike, and it's why DRM will always be around in some form. If you make DRM convenient enough to use for the majority of people to be willing to pay for it, then it becomes harder to displace with darknets that are less convenient to use.

What exactly is the compromise?

You want to be able to give content you pay for to your friend, without him paying for it. What if you had a friend that did that, wouldn't he do exactly the same, rinse and repeat? Why doesn't he just not pay for the content himself?

Nothing highlighted how misleading and irrelevant "piracy" numbers are, in this silly DRM war on customers, as when I saw some claims of 80%+ piracy rates for iPhone games.

Yet only an estimated 10% of users jailbreak their iDevices, which would be required to engage in piracy.

So developers aren't losing 80% of their revenues to "piracy" as they often will claim. At worst they are potentially losing 10% (still likely high as not every jailbreaker is a "pirate"), at least in the case of iPhone, and I would bet on other platforms as well, but it isn't as demonstrable there.

"Pirates" are just indiscriminate mass consumers who will try everything, because it is free.

The moment it isn't free, they will turn back into being discriminating, and their consumption will fall dramatically. There might even be a negative knock-on effect as they may increase discovery and word of mouth on some products.

The DRM war on consumers is no more successful than the current "war on drugs" or prohibition "war on alcohol".

Biddle seems to think (judging from this article) that trusted computing was/is not a danger as long as piracy is possible, which totally misses the point. People shouldn't need to hack their computers to use it the way they want.

Hollywood will never ask the question "how do we add value to combat piracy" like Gabe Newell did. I do believe that DRM-free is not a possibility (World of Goo 90%+ piracy rate anyone?) but give the buyers added value. Steam does it. iTunes does it with all the cool extra LP stuff. The question should be "What can we offer our customers that makes them come back?"

World of Goo had a high piracy rate, yes. Two men still made hundreds of thousands of dollars for a year's labor. If developers are making far more in return than they put in, enough to buy houses etc. and still have a marketable skill to fall back on, why is DRM really necessary?

There are legitimate anti-DRM arguments; 'you make enough money, why are you bitching about piracy' is not one.

If a creator is properly remunerated even with the existence of widespread illegal activity then what is the real harm of the activity? And how would DRM prevent such an activity?

If these guys sold anything other than digital content, and if 90% of their product wasn't paid for, then they would likely go out of business. I don't consider a 90% rate of piracy acceptable nor properly compensating them for their work.

Yes. And that's not even the primary issue with this concept, imo. It's unsustainable for a mass of people who have no real stake in the product or market (except a parasitical one) to decide how much money a creator should make. Also it's more of an a posteriori justification than an active 'whelp, producer x has made enough money, guess I can pirate his stuff now' type decision.

My 2c: I have a ~50min bus commute, which is just right to watch one 45min episode of some series (right now I'm digesting the full Star Trek: TNG on Netflix). Only problem is that cell coverage fails at some empty spots in the highway, so I rarely succeed in watching a full episode. This problem could be trivially fixed by caching the entire episode before leaving home--with the extra benefit that I could do that in seconds with my 100Mbps home internet. But the Netflix player won't do the full-caching thing because of DRM. Also, I still have an unlimited VZW data plan, but these are going away, so when that happens it can be the last straw to motivate me to start torrenting content that I have the right to watch.

The only way to combat piracy (note, not defeat piracy) is to have a good product, at a good price, with good flexibility on how or where or what on to use it, as conveniently as possible.

The following is a list of things that studios/companies intentionally do that cause more piracy:
- Stupidly long-away release dates in a buying channel
- "Album-only" type of sales for individual songs
- Channel-delayed distribution (think Warner with Netflix and Redbox delays)
- Cable-only premium subscription services (HBO)
- Difficulty in catching up on TV episodes
- Overloaded with commercials (Hulu)
- "Web" only (whatever the hell that is - again, Hulu) playing of content
- Install/device limits

And I'm sure there are dozens more. Any of the above will cause people to either pirate it OR, even worse, ignore it completely. Look at Warner. Their little stunt with Netflix didn't work. People weren't going to buy DVDs, they were going to rent them. When you took away rentals, they weren't magically going to buy more. They in all likelihood just forgot about the movie forever and went on their way.

For software, things just need to be priced reasonably. Individuals aren't going to pay $300 for Office or $200 for an OS that isn't even including a DVD player.